Hard Invalidation of Electronic Signatures

Abstract

We present a new concept for invalidating electronic signatures which, in many situations, seems better suited to real business and societal applications. We do not rely on an administrative invalidation process executed separately for each signing key and based on certificate revocation lists. Instead, all signatures created with a certain group are invalidated by a certain event. We propose hard invalidation via the release of the inherent cryptographic proof value, instead of soft invalidation via revoking certificates, which leaves the cryptographic strength of signatures intact (even if legal validity is partially lost).
